Mickey Mouse Is Watching You

Imagine you’re a 4-year-old girl. You’re strolling through Disney World when Cinderella—whom you have worshiped from afar for most of your young life—sashays up to you, greets you by name, and wishes you a happy birthday.

If this happened to me when I was a preschooler, it’s possible that I would have literally peed my pants with delight.

Rep. Ed Markey, D-Mass., however, isn’t nearly as tickled by the prospect of ladies in blonde wigs and sparkly blue dresses knowing little girls’ names. The co-chairman of the Bipartisan Congressional Privacy Caucus got his boxers in a bunch last week after reading a New York Times story outlining this nightmare birthday scenario and other personalized services soon to be made possible, thanks to technology. Disney is poised to introduce RFID-enabled wristbands that will collect data about visitors’ activities while allowing park and hotel access, offering access to rides without waiting in line, and making souvenir purchases easier.

Markey dashed off a letter to Disney CEO Bob Iger, declaring, “Although kids should have the chance to meet Mickey Mouse, this memorable meeting should not be manipulated through surreptitious use of a child’s personal information.”

The gentleman from Massachusetts is part of an ever-growing chorus of worrywarts in positions of power who have trouble distinguishing between real invasions of Americans’ constitutionally protected right to privacy and consensual data collection by service providers.

Those are invasions of privacy. And to his credit, Markey has objected to such practices as well. But here’s the problem: He uses the same language to complain about secret wiretaps and Disney’s RFID wristbands.

Markey’s rhetoric implies that people who buy airline tickets to fly their families to Orlando, shell out for princess-themed hotel rooms, fork over large sums to gain access to an autonomous private domain surveilled from stem to stern by closed circuit cameras, and drop more cash on mouse ears and other assorted gougeables using easily traceable credit cards should not have their encounter within a grown man in a mouse suit sullied by marketers with access to customer data. This situation, he suggests, would be equivalent to those same people being under secret police surveillance in their own homes.

Wrong. Here’s the difference: Every single one of the transactions with Disney described above is voluntary. It would indeed be worthy of congressional inquiry if Disney marketers were running around the country shoveling entire families onto airplanes at gunpoint or threatening them with imprisonment for refusing to disclose their preference for It’s a Small World After All over the Hall of Presidents.

But Markey is worried about the children: “Do you plan to target advertisements at kids 12 and under?” he demands in his public letter to Disney. “Does you company plan to market, sell, or otherwise disclose personal information or profiled about its guests to other companies?” he wonders. And “[i]f a guest chooses not to use MagicBand, what disadvantages, if any, will that guest experience while visiting a Disney park (i.e. longer wait times for attractions, etc.)”

Leave aside the question of why a member of Congress should concern himself with wait times for Space Mountain in the name of protecting privacy. Disney CEO Bob Iger was not amused by Markey’s congressional grandstanding. Here’s his tart response:

We are offended by the ludicrous and utterly ill-informed assertion in your letter dated January 24, 2013, that we would in any way haphazardly or recklessly introduce a program that manipulates children, or wantonly puts their safety at risk. … Had you or your staff made the slightest effort, you would have found most of the answers to your questions already existed and were publicly available online.

Iger dropped someURLs on Markey that do, in fact, contain answers to virtually all of the congressman’s questions. First, no one has to wear bracelet (or go to a Disney park at all, for that matter). Little Timmy’s bracelet is not going track the last time he ate and start whispering about the delicious Lady and the Tramp-themed meatballs that are just around the corner. Instead, bored kids waiting in line for a Little Mermaid ride will get chatted up by an animatronic seagull. Parents have control over all privacy settings on their kids’ bracelets and can change them at will using the parks’ free Wi-Fi. Furthermore, as a company policy, Disney doesn’t use personal information to market to kids under 13 or target personalized ads at any individual kid. Nor does it share personal information with other companies for marketing. Disney did pay a $3 million Federal Trade Commission fine in May 2011 for violations of children's privacy in an online game world, but it was for infractions that occurred long before Disney acquired the company that created the game. Disney lives and dies by its record as a squeaky clean company, so it's not surprising that the men behind the mouse rarely take the risk of attracting regulators' attention.

While he regularly pipes up with objections to government incursions on personal privacy, Markey’s bête noire is the notion that private entities will somehow do worse things with our information than public institutions. Here’s Markey on Dec. 21, opining on changes to the photo sharing site Instagram’s terms of service: “Consumers, not corporations, should have control over their personal information, especially that of children and teenagers. I hope Instagram continues to prioritize privacy over profit and ensure that users’ personal information is protected and not used or sold without permission.” He keeps an eye on Google and Facebook on similar grounds. And here he is on drones (which admittedly present a more complicated set of policy questions than the Country Bear Jamboree): They “could gather information about ordinary Americans,” he fretted on CNN in April, “and it would be the private sector, not the public sector, that would be doing it. … It’s un-American for this kind of information to be gathered for commercial purposes.”

In fact, private companies gathering information on how people use their products is as American as Donald Duck. Of course companies shouldn’t lie about what they’re doing with consumer data. Privacy policies aren’t always easy to comprehend (sometimes even intentionally so), but they are publicly available and there’s tremendous pressure on private companies to improve—the Times story that so inflamed Markey sounded several notes of caution, and you’d better believe Disney took notice. But Disney’s plan is about as far from fraudulent as you can imagine.

When Disney takes your personal information—after politely asking for it and cheerfully taking no for an answer—it immediately sets about using that information to figure out better ways to sell people the stuff they want, when they want it.

By contrast, when the government takes your information—after refusing to take no for an answer—the best-case scenario is that you get nothing in return. The worst case is an arrest warrant, asset forfeiture, or indefinite detention.

Putting a kiosk hawking popcorn and tiaras in the most efficient location after tracking aggregate sales data for months is not the same thing as secret wiretaps. Pretending that there’s an equivalency is stupid at best—and dishonest at worst.